opendkim-genkey - DKIM filter key generation tool
opendkim-genkey [options]
opendkim-genkey generates (1) a private key for signing messages using opendkim(8) and (2) a DNS TXT record suitable for inclusion in a zone file which publishes the matching public key for use by remote DKIM verifiers.
The filenames of these are based on the selector (see below); the private key will have a suffix of ".private" and the TXT record will have a suffix of ".txt".
-b bits
Specifies the size of the key, in bits, to be generated. The default is 1024, which is the value recommended by the DKIM specification.
-d domain
Names the domain which will use this key for signing. Currently only used in a comment in the TXT record file. The default is "@DOMAIN@".
-D directory
Instructs the tool to change to the named directory prior to creating files. By default the current directory is used.
-f user
Defines the user part of the email address user@domain which will receive ARF (RFC5965) feedback reports if a DKIM signature fails, as part of draft-ietf-marf-dkim-reporting. By default this is set to postmaster.
-ff format
Defines the feedback format of draft-ietf-marf-dkim-reporting. Options are arf and smtp. By default, the ARF format is used.
-fi interval
Defines the number that specifies the interval in which no more than one report should be sent. By default, interval equates to 0, requesting all reports.
-g granularity
Defines the key granularity, i.e. the user(s) who may use the key. The default is "*" meaning any user can use the key.
-h algorithms
Specifies a list of hash algorithms which can be used with this key. By default all hash algorithms are allowed.
-n note
Includes arbitrary note text in the key record. By default, no such text is included.
-r
Restricts the key for use in e-mail signing only. The default is to allow the key to be used for any service.
-s selector
Specifies the selector, or name, of the key pair generated. The default is "default".
-S
Disallows subdomain signing by this key. By default the key record will be generated such that verifiers are told subdomain signing is permitted.
-t
Indicates the generated key record should be tagged such that verifiers are aware DKIM is in test at the signing domain.
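Added example (not part of the original man page or of the OpenDKIM code): a Python check of a generated selector ".txt" file before it is published, reporting which of the -t, -S, -r and -h settings its tags reflect. The sample record layout, the example.com domain and the placeholder p= value are constructed assumptions; the tag names (t=, s=, h=, p=) are those of the DKIM key record format.

```python
import re

# Constructed sample of a <selector>.txt file: selector "default", domain
# example.com, and a placeholder instead of real base64 key material.
SAMPLE_TXT = (
    'default._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha1:sha256; k=rsa; t=y; "\n'
    '\t  "p=PLACEHOLDERPUBLICKEY" )  ; ----- DKIM key default for example.com\n'
)

def parse_key_record(zone_text):
    """Join the quoted TXT strings and return the record's tag=value pairs."""
    # Only quoted strings carry record data; the trailing ';' comment is unquoted.
    joined = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def audit_key_record(zone_text):
    """List what the record's tags tell verifiers, keyed to the options above."""
    tags = parse_key_record(zone_text)
    flags = [f for f in tags.get("t", "").split(":") if f]
    findings = []
    if "y" in flags:
        findings.append("t=y: domain is flagged as testing DKIM (-t was used)")
    if "s" not in flags:
        findings.append("no t=s: subdomain signing is permitted (-S not used)")
    if tags.get("s", "*") != "email":
        findings.append("no s=email: key is valid for any service (-r not used)")
    if "h" not in tags:
        findings.append("no h=: all hash algorithms are allowed (-h not used)")
    elif "sha1" in tags["h"].split(":"):
        findings.append("h= permits sha1")
    if not tags.get("p"):
        findings.append("p= is empty or missing: no usable public key")
    return findings

if __name__ == "__main__":
    for finding in audit_key_record(SAMPLE_TXT):
        print(finding)
```

An empty result means the record is restricted to e-mail, forbids subdomain signing, is not in test mode, and lists only non-SHA-1 hash algorithms.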
Requires that the openssl(8) binary be installed and in the executing shell’s search path.
This man page covers the version of opendkim-genkey that shipped with version @VERSION@ of OpenDKIM.
Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers. All rights reserved.
Copyright (c) 2009, 2011, The OpenDKIM Project. All rights reserved.
opendkim(8), openssl(8)
RFC4871 - DomainKeys Identified Mail